
Amazon - Data Breach

moderate | Anti-Privacy | Data Breach

Executive Summary

On May 4, 2026, Braintrust, an AI evaluation platform, discovered unauthorized access to its AWS account containing customer API keys used to access cloud-based AI models. The company locked down affected systems and urged customers to rotate their API keys, with one customer confirmed directly affected and three others reporting suspicious usage spikes under investigation. The breach highlights risks of storing sensitive credentials with third-party AI platforms and demonstrates how attacker...

What Happened

On May 4, 2026, Braintrust, an AI evaluation platform, discovered unauthorized access to its Amazon Web Services account that stored customer API keys used for accessing cloud-based AI models. The company immediately locked down the compromised account, rotated internal credentials, and notified customers on May 5, 2026, advising them to regenerate their API keys. One customer has been confirmed as directly affected, while three others reported suspicious usage spikes that remain under investigation.

Who Is Affected

Customers of Braintrust who stored API keys with the platform are affected, with at least one customer confirmed to have experienced direct impact. Three additional customers reported unusual spikes in their AI provider usage that may indicate unauthorized access to their accounts. Any organization that stored cloud AI model credentials with Braintrust during the compromised period should assume their API keys were potentially exposed.

Why It Matters

This incident demonstrates the cascading risks of third-party AI platform security, where a single breach can expose credentials that unlock access to multiple downstream services and customer accounts. The compromise highlights how attackers increasingly target SaaS and AI infrastructure providers as centralized access points to reach many organizations at once. The incident sets a precedent for how companies storing sensitive customer credentials must respond rapidly and transparently when cloud account security is breached.

What You Should Do

If you are a Braintrust customer, immediately revoke and regenerate all API keys you stored with the platform, including keys for OpenAI, Anthropic, Google Cloud, AWS Bedrock, or other AI services. Review your AI provider account logs and billing statements from May 4, 2026 onward for any unusual activity or unexpected usage spikes. Enable multi-factor authentication on all cloud accounts and consider implementing API key rotation as a regular security practice rather than storing long-lived credentials with third-party platforms.
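One way to run the usage review described above, as an added example that is not code from Braintrust or any AI provider: it builds a per-key baseline from days before May 4, 2026 and flags later days that exceed it. The row layout, key labels, the 3x threshold and the three-day minimum baseline are assumptions, and the sample rows are constructed.

```python
from datetime import date
from statistics import median

INCIDENT = date(2026, 5, 4)  # discovery date given in the summary above

# Constructed sample rows (day, key label, tokens billed); not real provider data.
SAMPLE_USAGE = [
    ("2026-04-29", "key-eval", 118_000), ("2026-04-30", "key-eval", 121_000),
    ("2026-05-01", "key-eval", 97_000), ("2026-05-02", "key-eval", 40_000),
    ("2026-05-03", "key-eval", 125_000), ("2026-05-04", "key-eval", 122_000),
    ("2026-05-05", "key-eval", 910_000), ("2026-05-06", "key-eval", 131_000),
    ("2026-05-01", "key-batch", 5_000), ("2026-05-02", "key-batch", 5_200),
    ("2026-05-03", "key-batch", 4_800), ("2026-05-05", "key-batch", 14_000),
    ("2026-05-06", "key-batch", 61_000),
    ("2026-05-05", "key-unlisted", 20_000),  # no history before the incident
]


def flag_spikes(rows, incident=INCIDENT, factor=3.0, min_baseline_days=3):
    """Return (day, key, tokens, baseline) for suspicious days on or after `incident`.

    A day is flagged when usage exceeds `factor` times the key's median
    pre-incident usage. Keys without enough history get baseline None and
    every active post-incident day is reported for manual review.
    """
    by_key = {}
    for day, key, tokens in rows:
        by_key.setdefault(key, []).append((date.fromisoformat(day), tokens))

    findings = []
    for key, series in sorted(by_key.items()):
        before = [t for d, t in series if d < incident]
        after = sorted((d, t) for d, t in series if d >= incident)
        if len(before) < min_baseline_days:
            # Usage on a key with no baseline cannot be judged "normal".
            findings += [(d.isoformat(), key, t, None) for d, t in after if t > 0]
            continue
        baseline = median(before)  # median resists one quiet or busy day
        limit = factor * max(baseline, 1)
        findings += [(d.isoformat(), key, t, baseline) for d, t in after if t > limit]
    return findings


if __name__ == "__main__":
    for day, key, tokens, baseline in flag_spikes(SAMPLE_USAGE):
        print(f"{day} {key}: {tokens} tokens (baseline {baseline})")
```

A flagged day is a prompt to check the provider's request logs for that key, not proof of misuse; rotate the key regardless of the result.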

Summary generated from verified sources and reviewed before publication.

On May 4, 2026, Braintrust, an AI evaluation platform, discovered unauthorized... - Amazon | PrivacyWire